feat: Allow restricting the creation of resources

Signed-off-by: Jens Reimann <jreimann@redhat.com> Co-authored-by: Thomas Jaeckle <thomas.jaeckle@bosch.io>
eclipse-ditto · Dec 13, 2021 · 54c1899 · 54c1899
1 parent 66398ab
commit 54c1899
Show file tree

Hide file tree

Showing 24 changed files with 991 additions and 95 deletions.
diff --git a/...e/src/main/java/org/eclipse/ditto/concierge/service/common/CreationRestrictionConfig.java b/...e/src/main/java/org/eclipse/ditto/concierge/service/common/CreationRestrictionConfig.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2021 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.ditto.concierge.service.common;
+
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import javax.annotation.concurrent.Immutable;
+
+import org.eclipse.ditto.internal.utils.config.KnownConfigValue;
+
+/**
+ * Provides configuration settings for an entry of restricting the creation of entities.
+ */
+@Immutable
+public interface CreationRestrictionConfig {
+
+    /**
+     * The list of resource types this entry applies to.
+     * An empty list would match any.
+     *
+     * @return the list of values
+     */
+    Set<String> getResourceTypes();
+
+    /**
+     * The list of namespace {@link Pattern}s this entry applies to.
+     * An empty list would match any. The pattern must match the full string.
+     *
+     * @return the list of values
+     */
+    List<Pattern> getNamespace();
+
+    /**
+     * The list of authentication subject {@link Pattern}s this entry applies to.
+     * An empty list would match any.
+     *
+     * @return the list of values
+     */
+    List<Pattern> getAuthSubject();
+
+    /**
+     * An enumeration of the known config path expressions and their associated default values for
+     * {@code CreationRestrictionConfig}.
+     */
+    enum CreationRestrictionConfigValues implements KnownConfigValue {
+        /**
+         * Matching resource types.
+         */
+        RESOURCE_TYPES("resource-types", Set.of()),
+        /**
+         * Matching namespaces, supports wildcards.
+         */
+        NAMESPACES("namespaces", Set.of()),
+        /**
+         * Matching auth subjects.
+         */
+        AUTH_SUBJECTS("auth-subjects", Set.of());
+
+        private final String path;
+        private final Object defaultValue;
+
+        CreationRestrictionConfigValues(final String thePath, final Object theDefaultValue) {
+            path = thePath;
+            defaultValue = theDefaultValue;
+        }
+
+        @Override
+        public String getConfigPath() {
+            return path;
+        }
+
+        @Override
+        public Object getDefaultValue() {
+            return defaultValue;
+        }
+
+    }
+}
diff --git a/...ain/java/org/eclipse/ditto/concierge/service/common/DefaultCreationRestrictionConfig.java b/...ain/java/org/eclipse/ditto/concierge/service/common/DefaultCreationRestrictionConfig.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2021 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.ditto.concierge.service.common;
+
+import com.typesafe.config.Config;
+import org.eclipse.ditto.internal.utils.config.ConfigWithFallback;
+import org.eclipse.ditto.rql.query.LikeHelper;
+
+import javax.annotation.concurrent.Immutable;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
+/**
+ * This class implements {@link CreationRestrictionConfig} for Ditto's Concierge service.
+ */
+@Immutable
+public class DefaultCreationRestrictionConfig implements CreationRestrictionConfig {
+
+    private static final String RESOURCE_TYPES_CONFIG_PATH = "resource-types";
+    private static final String NAMESPACES_CONFIG_PATH = "namespaces";
+    private static final String AUTH_SUBJECTS_CONFIG_PATH = "auth-subjects";
+
+    private final Set<String> resourceTypes;
+    private final List<Pattern> namespacePatterns;
+    private final List<Pattern> authSubjectPatterns;
+
+    private DefaultCreationRestrictionConfig(final ConfigWithFallback configWithFallback) {
+        this.resourceTypes = Set.copyOf(configWithFallback.getStringList(RESOURCE_TYPES_CONFIG_PATH));
+        this.namespacePatterns = compile(List.copyOf(configWithFallback.getStringList(NAMESPACES_CONFIG_PATH)));
+        this.authSubjectPatterns = compile(List.copyOf(configWithFallback.getStringList(AUTH_SUBJECTS_CONFIG_PATH)));
+    }
+
+    private static List<Pattern> compile(List<String> patterns) {
+        return patterns.stream()
+                .map(expression -> Pattern.compile(LikeHelper.convertToRegexSyntax(expression)))
+                .collect(Collectors.toUnmodifiableList());
+    }
+
+    /**
+     * Returns an instance of {@code DefaultCreationRestrictionConfig} based on the settings of the specified Config.
+     *
+     * @param config is supposed to provide the settings of the restriction config.
+     * @return the instance.
+     * @throws org.eclipse.ditto.internal.utils.config.DittoConfigError if {@code config} is invalid.
+     */
+    public static DefaultCreationRestrictionConfig of(final Config config) {
+        return new DefaultCreationRestrictionConfig(ConfigWithFallback.newInstance(config,
+                CreationRestrictionConfig.CreationRestrictionConfigValues.values()));
+    }
+
+    @Override
+    public Set<String> getResourceTypes() {
+        return resourceTypes;
+    }
+
+    @Override
+    public List<Pattern> getNamespace() {
+        return namespacePatterns;
+    }
+
+    public List<Pattern> getAuthSubject() {
+        return authSubjectPatterns;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        DefaultCreationRestrictionConfig that = (DefaultCreationRestrictionConfig) o;
+        return resourceTypes.equals(that.resourceTypes)
+                && namespacePatterns.equals(that.namespacePatterns)
+                && authSubjectPatterns.equals(that.authSubjectPatterns);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(resourceTypes, namespacePatterns, authSubjectPatterns);
+    }
+
+    @Override
+    public String toString() {
+        return getClass().getSimpleName() + " [" +
+                "resourceTypes=" + resourceTypes +
+                ", namespacePatterns=" + namespacePatterns +
+                ", authSubjectPatterns=" + authSubjectPatterns +
+                ']';
+    }
+}
diff --git a/...ce/src/main/java/org/eclipse/ditto/concierge/service/common/DefaultEnforcementConfig.java b/...ce/src/main/java/org/eclipse/ditto/concierge/service/common/DefaultEnforcementConfig.java
@@ -38,6 +38,7 @@ public final class DefaultEnforcementConfig implements EnforcementConfig {
     private final int bufferSize;
     private final boolean globalLiveResponseDispatching;
     private final Set<String> specialLoggingInspectedNamespaces;
+    private final EntityCreationConfig entityCreation;
 
     private DefaultEnforcementConfig(final ConfigWithFallback configWithFallback) {
         askWithRetryConfig = DefaultAskWithRetryConfig.of(configWithFallback, ASK_WITH_RETRY_CONFIG_PATH);
@@ -46,6 +47,7 @@ private DefaultEnforcementConfig(final ConfigWithFallback configWithFallback) {
                 configWithFallback.getBoolean(EnforcementConfigValue.GLOBAL_LIVE_RESPONSE_DISPATCHING.getConfigPath());
         specialLoggingInspectedNamespaces = Collections.unmodifiableSet(new HashSet<>(configWithFallback.getStringList(
                         EnforcementConfigValue.SPECIAL_LOGGING_INSPECTED_NAMESPACES.getConfigPath())));
+        entityCreation = DefaultEntityCreationConfig.of(configWithFallback);
     }
 
     /**
@@ -80,6 +82,11 @@ public Set<String> getSpecialLoggingInspectedNamespaces() {
         return specialLoggingInspectedNamespaces;
     }
 
+    @Override
+    public EntityCreationConfig getEntityCreation() {
+        return entityCreation;
+    }
+
     @Override
     public boolean equals(final Object o) {
         if (this == o) {
@@ -92,13 +99,14 @@ public boolean equals(final Object o) {
         return bufferSize == that.bufferSize &&
                 globalLiveResponseDispatching == that.globalLiveResponseDispatching &&
                 askWithRetryConfig.equals(that.askWithRetryConfig) &&
+                entityCreation.equals(that.entityCreation) &&
                 specialLoggingInspectedNamespaces.equals(that.specialLoggingInspectedNamespaces);
     }
 
     @Override
     public int hashCode() {
         return Objects.hash(askWithRetryConfig, bufferSize, globalLiveResponseDispatching,
-                specialLoggingInspectedNamespaces);
+                entityCreation, specialLoggingInspectedNamespaces);
     }
 
     @Override
@@ -107,6 +115,7 @@ public String toString() {
                 "askWithRetryConfig=" + askWithRetryConfig +
                 ", bufferSize=" + bufferSize +
                 ", globalLiveResponseDispatching=" + globalLiveResponseDispatching +
+                ", entityCreation=" + entityCreation +
                 ", specialLoggingInspectedNamespaces=" + specialLoggingInspectedNamespaces +
                 "]";
     }

diff --git a/...src/main/java/org/eclipse/ditto/concierge/service/common/DefaultEntityCreationConfig.java b/...src/main/java/org/eclipse/ditto/concierge/service/common/DefaultEntityCreationConfig.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2021 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.ditto.concierge.service.common;
+
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+import javax.annotation.concurrent.Immutable;
+
+import org.eclipse.ditto.internal.utils.config.ConfigWithFallback;
+import org.eclipse.ditto.internal.utils.config.ScopedConfig;
+
+import com.typesafe.config.Config;
+
+/**
+ * This class implements {@link EntityCreationConfig} for Ditto's Concierge service.
+ */
+@Immutable
+public class DefaultEntityCreationConfig implements EntityCreationConfig {
+
+    private static final String CONFIG_PATH = "entity-creation";
+
+    private final List<CreationRestrictionConfig> grant;
+    private final List<CreationRestrictionConfig> revoke;
+
+    private DefaultEntityCreationConfig(final ScopedConfig config) {
+        grant = config.getConfigList(ConfigValue.GRANT.getConfigPath()).stream()
+                .map(DefaultCreationRestrictionConfig::of)
+                .collect(Collectors.toUnmodifiableList());
+        revoke = config.getConfigList(ConfigValue.REVOKE.getConfigPath()).stream()
+                .map(DefaultCreationRestrictionConfig::of)
+                .collect(Collectors.toUnmodifiableList());
+    }
+
+    /**
+     * Returns an instance of {@code DefaultEntityCreationConfig} based on the settings of the specified Config.
+     *
+     * @param config is supposed to provide the settings of the entity creation config at {@value #CONFIG_PATH}.
+     * @return the instance.
+     * @throws org.eclipse.ditto.internal.utils.config.DittoConfigError if {@code config} is invalid.
+     */
+    public static DefaultEntityCreationConfig of(final Config config) {
+        return new DefaultEntityCreationConfig(
+                ConfigWithFallback.newInstance(config, CONFIG_PATH, EntityCreationConfig.ConfigValue.values()));
+    }
+
+    @Override
+    public List<CreationRestrictionConfig> getGrant() {
+        return grant;
+    }
+
+    @Override
+    public List<CreationRestrictionConfig> getRevoke() {
+        return revoke;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        DefaultEntityCreationConfig that = (DefaultEntityCreationConfig) o;
+        return grant.equals(that.grant) && revoke.equals(that.revoke);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(grant, revoke);
+    }
+
+    @Override
+    public String toString() {
+        return getClass().getSimpleName() + " [" +
+                "grant=" + grant +
+                ", revoke=" + revoke +
+                ']';
+    }
+}
diff --git a/...e/service/src/main/java/org/eclipse/ditto/concierge/service/common/EnforcementConfig.java b/...e/service/src/main/java/org/eclipse/ditto/concierge/service/common/EnforcementConfig.java
@@ -55,6 +55,13 @@ public interface EnforcementConfig {
      */
     Set<String> getSpecialLoggingInspectedNamespaces();
 
+    /**
+     * Returns the configuration for the entity creation restrictions.
+     *
+     * @return the configuration.
+     */
+    EntityCreationConfig getEntityCreation();
+
     /**
      * An enumeration of the known config path expressions and their associated default values for
      * {@code EnforcementConfig}.